From cde5f1097356568492257a550766e45264cfa923 Mon Sep 17 00:00:00 2001 From: "John L. Hammond" Date: Sun, 18 Sep 2016 16:37:02 -0400 Subject: [PATCH] staging: lustre: ldlm: fix a use after free in ldlm_resource_get() If lvbo initialization has failed then save the return status (from lr_lvb_len) before putting the resource. Signed-off-by: John L. Hammond Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5305 Reviewed-on: http://review.whamcloud.com/11017 Reviewed-by: Andreas Dilger Reviewed-by: Emoly Liu Reviewed-by: Dmitry Eremin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman --- drivers/staging/lustre/lustre/ldlm/ldlm_resource.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c b/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c index 62d9f6f0edab..912cd680d0f1 100644 --- a/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c @@ -1091,6 +1091,7 @@ ldlm_resource_get(struct ldlm_namespace *ns, struct ldlm_resource *parent, struct cfs_hash_bd bd; __u64 version; int ns_refcount = 0; + int rc; LASSERT(!parent); LASSERT(ns->ns_rs_hash); @@ -1140,8 +1141,9 @@ lvbo_init: } if (unlikely(res->lr_lvb_len < 0)) { + rc = res->lr_lvb_len; ldlm_resource_putref(res); - res = ERR_PTR(res->lr_lvb_len); + res = ERR_PTR(rc); } return res; } @@ -1152,8 +1154,6 @@ lvbo_init: cfs_hash_bd_unlock(ns->ns_rs_hash, &bd, 1); if (ns->ns_lvbo && ns->ns_lvbo->lvbo_init) { - int rc; - OBD_FAIL_TIMEOUT(OBD_FAIL_LDLM_CREATE_RESOURCE, 2); rc = ns->ns_lvbo->lvbo_init(res); if (rc < 0) { -- 2.30.2